b'FDIC\xe2\x80\x99s Software Management Program\n\n(Report No. 04-020, June 8, 2004)\n\nSummary\n\nThe Office of Inspector General has completed an evaluation of the Division of\nInformation Resources Management\xe2\x80\x99s (DIRM) software management program. The\nobjective of our evaluation was to determine whether DIRM effectively manages its\nsoftware assets. Because DIRM is planning to implement a new Enterprise Asset\nManagement (EAM) system that will track information technology hardware and\nsoftware assets, we ended our assignment without performing detailed testing of the\nFederal Deposit Insurance Corporation\xe2\x80\x99s (FDIC) software inventory.\n\nGenerally, DIRM has established several effective controls over its software management\nprogram. However, DIRM could improve the effectiveness of the program by\nestablishing formal policies and procedures and by developing a consolidated software\ninventory system. DIRM has actions underway to develop these controls.\n\nDIRM could also improve its management of individual software licenses to ensure that\nthe FDIC complies with licensing terms and that the number of licenses deployed\napproximates user demand. For example, establishing a standard methodology for\ndetermining the number of licenses the Corporation requires under the Microsoft\nEnterprise Agreement would help to ensure that the FDIC is not at risk for being\nunderlicensed and does not incur unnecessary expenses for being overlicensed.\n\nRecommendations\n\nWe recommended that the Chief Information Officer and Director, DIRM:\n\n   \xe2\x80\xa2   Verify the accuracy of DIRM\xe2\x80\x99s software inventory prior to loading software asset\n       information into the proposed EAM system.\n\n   \xe2\x80\xa2   Document a standard methodology for calculating the number of Microsoft\n       licenses that the Corporation requires.\n\n   \xe2\x80\xa2   Prior to loading software asset information into the proposed EAM system, verify\n       that DIRM has appropriate licensing documentation for each software application\n       and validate the requirements for all software licensing agreements to ensure that\n       FDIC is paying only for maintaining licenses that the Corporation is actually\n       using.\n\x0cManagement Response\n\nOn June 4, 2004, we received a written response from the CIO and Director, DIRM. The\nCorporation proposed actions that are responsive to all three recommendations. The\nrecommendations are resolved, but will remain undispositioned and open for reporting\npurposes until we have determined that the agreed-to corrective actions have been\ncompleted and are effective.\n\nThis report addresses issues associated with specific software in use at the FDIC and\nsoftware management practices at other regulatory agencies. Accordingly, we have not\nmade, nor do we intend to make, public release of the specific contents of this report.\n\x0c'